(54) Computer security system



(57) Several embodiments of computer security
systems are described which are adapted to grant
an authorized individual access to a secured domain, 
such as a computer or data stream. In one embodiment, 
the security system comprises: an analyzing means for 
receiving first and second passwords, each of said 
passwords being transmitted over a first communication 
channel, analyzing said first password, transmitting a 
first signal output only if said first password is author-
ized, and granting access to said secured domain only
if said second password is substantially identical to a 
code; and a random code generating means for gener- 
ating said code, transmitting said code over a second 
communication channel upon receipt of first signal out- 
put, and transmitting said code to said analyzing means; 
and a notification means for receiving said code and for 
notifying said authorized individual of the identity of said 
code. 



[FIG. 6: block diagram of computer system 400. Labelled blocks: USER/SUBSCRIBER, COMPUTER (406), MODEM (408), MODEM, PAGER (420), and HOST COMPUTER containing USER/PASSWORD CHECK, USER TABLE, CODE GEN. (415), CODE COMPARE (416) and AUTOMATIC PHONE/PAGER DIALER (418).]

Printed by Jouve. 75001 PARIS (FR) 






EP 0 844 551 A2 






Description 

1. Field of the Invention 

The present invention relates to a security and/or 
access restriction system and, in one embodiment, to a 
security and/or access restriction system which is
adapted to grant only authorized users access to a com- 
puter system and/or to certain data which may be resi- 
dent within the computer system and/or resident within 
a communications channel and/or other communica- 
tions medium. 

2. Background of the Invention 

In recent years, computers have proliferated in all
parts of worldwide society including but not limited to, 
banking, financial services, business, education, and 
various governmental entities. For instance and without 
limitation, these computer systems allow individuals to
consummate financial transactions, to exchange confi- 
dential scientific and/or medical data, and to exchange 
highly proprietary business planning data. Hence, these 
computer systems require and/or allow very sensitive 
and confidential data to be stored and transmitted over 
great geographic distances. 

Moreover, the rise of multinational communications 
networks, such as the publicly available Internet com- 
munications system, has truly made the world a smaller 
place by allowing these computers, separated by great 
geographic distances, to very easily communicate and 
exchange data. In essence, these worldwide communi- 
cations channels/networks, sometimes collectively re- 
ferred to as "the Information Superhighway" have elec- 
tronically connected the peoples of the world - both the 
good and the very bad. 

That is, while these computer systems have in- 
creased efficiency and greatly changed the manner in 
which we work and interact, they have been especially 
prone to unauthorized "break-ins", viral destruction, 
and/or unauthorized data modifications. Accordingly, 
the rather sensitive and confidential data which is stored 
and used within these computer systems and transmit- 
ted between these computer systems has been the tar- 
get of attack by people known as "hackers" and by high 
level and very sophisticated espionage and industrial 
spies. Computer access security and data transmission 
security has recently come to the forefront of importance 
and represents one of the great needs of our times. 

Many attempts have been made to create and uti- 
lize various techniques (hereinafter the term "technique" 
as used and/or employed in this Application refers to any 
combination of software, hardware, and/or firmware 
which comprise an apparatus and a methodology 
whose components cooperatively achieve an overall se- 
curity objective) to "ensure" that only authorized users 
are allowed to gain access to these respective computer 
systems. These prior techniques, while somewhat ef-
fective, suffer from various drawbacks.

For example, one such prior computer system se-
curity technique comprises the use of predetermined
"passwords". That is, according to this security tech-
nique, each computer system has a list of authorized
passwords which must be communicated to it before ac-
cess is given or allowed. In theory, one or more "trusted"
system administrators distribute these "secret" pass-
words to a group of authorized users of a computer sys-
tem. The "secret" nature of the passwords, in theory,
prevents unauthorized users from accessing the com-
puter system (since presumably these unauthorized us-
ers do not have the correct passwords). This technique
is not very effective since oftentimes those authorized
individuals mistakenly and unwittingly expose their
password to an unauthorized user. Moreover, this tech-
nique of data security may be easily "broken" by a "hack-
er's" deliberate and concentrated attempt at automati-
cally inputting, to the targeted computer, hundreds and
perhaps thousands of passwords until an authorized
password is created.

In addition to the prior password technique, other,
more sophisticated access techniques are known and
used. For example, there are known techniques which
require the possession of a physical object or feature,
such as "access cards" which are "read" by a card read-
ing device and biometric authentication techniques (e.g.
requiring the initial input of such authorized user phys-
ical characteristics as fingerprints and eye patterns and
the later comparison of these input patterns to those of
a "would-be" user). Both of these prior techniques are
relatively complicated, are relatively costly, and are
prone to error, such as and without limitation, mistaken
unauthorized entry due to their complexity. These tech-
niques are also prone to unauthorized entry by use of
counterfeit and/or stolen cards, objects, and fingerprint
readers. Other prior data security techniques, such as
encryption, attempt to prevent unauthorized use of
transmitted data or unauthorized access to a computer
system by modifying and/or changing the transmitted
data in a certain manner, and/or requiring the transmis-
sion and receipt of modified data before access is grant-
ed. While somewhat effective, these prior encryption
techniques are relatively costly and complicated and re-
quire one or more known "encryption keys" which are in
constant exchange between users and which are them-
selves susceptible to theft and/or inadvertent disclo-
sure. Furthermore, the best-known and perhaps strong-
est encryption algorithm is proprietary and cannot be
used without a costly license. Moreover, since the en-
crypted message still provides all of the transmitted da-
ta, in some form, it is still possible for one to gain access
to the entire data stream by "breaking the encryption
code". Since no encryption algorithm is ever considered
"unbreakable", encryption is not considered to be a
"foolproof" security solution.

There is therefore a need to provide a technique to
substantially prevent the unauthorized access to one or
more computer systems and which overcomes the var-
ious drawbacks of these afore-described prior tech-
niques. There is also a need to provide a technique to
substantially prevent the unauthorized interception and 
use of transmitted data and which overcomes the vari- 
ous drawbacks of the prior art. Applicant's invention(s) 
seek and do meet these needs. Applicant's invention, in 
one embodiment, achieves these objectives by splitting 
the data into a plurality of separate communication 
channels, each of which must be "broken" for the entire 
data stream to be obtained. In essence, in this embod- 
iment of Applicant's invention, cooperatively form the 
entire message. The splitting of the data in this manner 
may also "fool" the would be data thief into believing that 
he or she has obtained all of the data when, in fact, only 
several communication channels are obtained. 

SUMMARY OF THE INVENTION 

While a number of "objects of the invention" are set 
forth below, it should be realized by one of ordinary skill
in the art that the invention(s) are not to be limited, in 
any manner, by these recited objects. Rather, the recited 
"objects of the invention" are to be used to place Appli- 
cant's various inventions in proper overall perspective 
and to enable the reader to better understand the man- 
ner in which Applicant's inventions are to be made and 
used, especially in the preferred embodiment of Appli- 
cant's invention. Accordingly, the various "objects of the 
invention" are set forth below: 

It is a first object of the present invention to provide 
a technique to substantially ensure that only authorized 
users gain access to a computer system. 

It is a second object of the invention to provide a 
technique to substantially ensure that only authorized 
users gain access to a computer system and which 
overcomes the various previously delineated draw- 
backs of the prior computer system security techniques. 

It is a third object of the invention to provide a tech- 
nique to substantially ensure that only authorized users 
have access and use of certain transmitted data appear-
ing, for example, within a data stream.

It is a fourth object of the invention to provide a tech- 
nique to substantially ensure that only authorized users 
have access and use of certain transmitted data and/or
certain hardware, software, and/or firmware which co- 
operatively form and/or comprise a computer system, 
and that this technique overcomes the various previous-
ly delineated drawbacks of the prior techniques.

According to a first aspect of the present invention, 
a security system is provided. Particularly, the security 
system is adapted to be used in combination with a com- 
puter and to only grant an authorized individual access 
to the computer. The security system comprises, in one 
embodiment, password means for receiving a password 
by use of a first communications channel; and code gen- 
eration means, coupled to said password means, for 
generating a code by use of a second communications
channel, and to allow that individual access to the com-
puter system only if that individual generates and com-
municates the code to the code generation means.

According to a third aspect of the present invention,
a method is provided for use with a computer and effec-
tive to substantially prevent an unauthorized user from
accessing the computer. The method comprises, in one
embodiment, the steps of assigning a password to the
user; receiving the password by use of a first communi-
cations channel; generating a code in response to the
received password; transmitting the code by use of a
second communications channel to the user; transmit-
ting the code to the computer; and allowing access to
the computer only after the code is transmitted to the
computer.

According to a fourth aspect of the present inven-
tion, a security system is provided to grant an authorized
individual access to a secured stream of data bits. In
one embodiment, the data security system comprises a
data stream dividing means for receiving said stream of
data bits and dividing said stream of data bits into a plu-
rality of sub-streams; transmitting means for transmit-
ting said sub-streams in a predetermined order over a
communication channel; and a decoding means for re-
ceiving said sub-streams and for recombining said re-
ceived sub-streams to create said secured stream of da-
ta bits.

Further objects, features, and advantages of the
present invention will become apparent from a consid-
eration of the following description, the appended
claims, and/or the appended drawings. It should further
be realized by one of ordinary skill in the art that the
previously delineated objects and aspects of the inven-
tion are for illustration purposes only and are not to be
construed so as to limit the generality of the inventions
and/or to limit the interpretation to be given to the vari-
ous appended claims. Moreover, it should also be real-
ized by those of ordinary skill in the art that the term
"communications channel" as used throughout this Ap-
plication refers to any physical and/or electromagnetic
means or method of transferring and/or communicating
information from one or more sources to one or more
receivers. Moreover, the term "communications chan-
nel" should be given the broadest known interpretation
covering any method and/or medium which facilitates
the transfer of information and/or over which such infor-
mation is transferred.

BRIEF DESCRIPTION OF THE DRAWINGS 


For a fuller and more complete understanding of the 
nature and objects of the present invention, reference 
should be had to the following drawings wherein: 

FIG. 1 is a block diagram of a computer security sys-
tem made in accordance with the teachings of the
preferred embodiment having the preferred security
techniques of the invention;
FIG. 2 is a block diagram of another embodiment of
a computer security system made in accordance
with the teachings of the preferred embodiment
having the preferred techniques of the invention;
FIG. 3 is a block diagram of yet another embodi-
ment of a security system made in accordance with
the teachings of the preferred embodiment having
the preferred techniques of the invention;
FIG. 4 is a block diagram of another embodiment of
a computer security system made in accordance
with the teachings of the preferred embodiment
having the preferred techniques of the invention;
FIG. 5 is a schematic diagram of a password table
used by the computer security systems shown in
Figures 1 and 2; and
FIG. 6 is a block diagram of one embodiment of the
preferred embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION 

Referring now to Figure 1, there is shown a block
diagram of a computer security system 10, made in ac- 
cordance with the principles of the preferred embodi- 
ment of the invention and adapted for use in combina- 
tion with computer 80. More particularly, computer se- 
curity system 10 selectively allows communication and/ 
or data processing access to computer 80 in a manner 
which is technically described throughout the remainder 
of this Application. As shown, security system 10 in-
cludes an "analyzing means" 12 and a "random code
generating means" 14.

In one embodiment of the preferred embodiment of
the invention, analyzing means 12 comprises one or
more software subroutines which are adapted to exe-
cute upon and/or within computer 80. Alternatively, an-
alyzing means 12 may comprise a microprocessor and/
or similar type of computer which is adapted to operate
under stored program control in the manner set forth in
this Application. One example of another type of com-
puter operating under stored program control and which
may be used by the preferred embodiment of the inven-
tion is shown and described within chapter eight of the
text entitled Advanced Computer Architecture: Parallel-
ism, Scalability, Programmability, which was authored by
Kai Hwang, which is published by McGraw-Hill, Inc.,
which has a library reference number of ISBN
0-07-031622-8, and the entire text of all of the chapters
of which are fully and completely incorporated herein by
reference, word for word and paragraph for paragraph.
In either embodiment, analyzing means 12 receives and
compares at least two "sets" or streams of data. Should
the individually received "sets" match, analyzing means
12 generates and communicates an "access granted"
command to computer 80, allowing individual 18 access
to the computer 80. Moreover, random code generating
means 14 may similarly comprise a conventional pseu-
do-random number generator which may be construct-
ed or developed on one or more software subroutines
which reside and operate/execute upon and/or within
computer 80 or may comprise a microprocessor and/or
similar type of computer which operates under stored
program control.

In operation, individual 18, desiring access to and
within computer 80 utilizes a first communication chan-
nel 82 (e.g. a first telephone line, radio channel, and/or
satellite channel) and communicates, by use of his or
her voice or by use of a computer 19, a first password to
analyzing means 12. Analyzing means 12 then checks
and/or compares this first received password with a
master password list which contains all of the authorized
passwords associated with authorized entry and/or ac-
cess to computer 80.

As shown in Figure 5, in the preferred embodiment
of the invention, analyzing means 12 contains a master
password list 200 having a first column of entries corre-
sponding to authorized passwords necessary to gain
access to computer 80. Moreover, as further shown in
Figure 5, each authorized password 202, contained in
this master password list 200, has a unique first entry
204 associated with it and which identifies the name of
the authorized user who has been assigned that corre-
sponding password and at least one telephone number
206 and/or network address associated with the identi-
fied user.

If the received password matches an entry of the
master password list, analyzing means 12 generates a
command, by means of connecting bus 17 or software
message or function call to random code generating
means 14 and causes the random code generation
means 14 to generate a substantially random and/or
pseudo-random number or code, of programmable
length, and to transmit the number and/or code, by
means of a second communications channel 84, to the
individual 85 associated with the received password 202
in the master password list. That is, as should be appar-
ent to one of ordinary skill in the art, code generation
means 14 includes both a random number generator
and a conventional and commercially available commu-
nications interface (e.g. modem and/or telephone/pager
interface), allowing the generated pseudo-random code
to be generated or communicated over a wide variety of
mediums.

Further, it should be apparent that individual 85 may
or may not be the same person as individual 18. If in-
dividual 18 was the individual identified in the master
password list (e.g. "was authorized"), that individual 18
receives the pseudo-random number and transmits the
number to the analyzing means 12, by means of com-
munications channel 82. Once the pseudo-random
number is received by the analyzing means 12, from
channel 82, it is compared with the number generated
by generation means 14. If the two codes are substan-
tially the same, entry to computer 80 and/or to a certain
part of computer 80 such as, without limitation, the hard-
ware, software, and/or firmware portions of computer 80
is granted to individual 18. For instance, in another em-
bodiment, table 200 of Figure 5 could contain yet anoth-
er set of entries specifying the directories or portions of
computer 80 that the individual 18 was allowed to have
access to. In this manner, allowed access to computer
80 would be further restricted to those computer por-
tions which are specified within table 200. It should be
apparent to one of ordinary skill in the art that these por-
tions may be different for different users and that each
authorized user may have a different portion that may
be accessed in an authorized manner.

It should be apparent to one of ordinary skill in the 
art that Applicant's foregoing computer security tech- 
nique is a relatively low-cost, but effective technique, for 
properly ensuring that only authorized users gain ac- 
cess to a computer system, such as computer system 
80. That is, Applicant's foregoing computer security em- 
bodiment, utilizes two distinct communications chan- 
nels and a random number generator in order to ensure 
that an authorized user of a computer system is notified 
that someone or something is seeking access to the
computer system with his or her password. Moreover,
Applicant's foregoing invention is very cost effective as
it employs substantially "off the shelf" and readily avail-
able components. Further, the use of a "secret" pass-
word, a "secret" substantially random number, and a
"secret" second channel allows for multiple levels of se- 
curity before access to the computer system is achieved 
and provides enhanced security over the prior art. 

Referring now to Figure 6 there is shown a compu-
ter system 400 made in accordance with the teachings
of the preferred embodiment of the invention and repre-
senting one example and/or implementation which is
made in accordance with the various teachings of the
preferred embodiment of the invention. As shown, com-
puter system 400 includes a host computer 402 (corre-
sponding to computer 80 of the system shown in Figure
1) to which a user or other individual 404 (corresponding
to individual 18 of Figure 1) desires access. As further
shown in Figure 6, individual 404, in this im-
plementation example, utilizes a commercially available
and conventional computer 406 and a commercially
available and conventional modem 408 to communicate
with a commercially available and conventional modem
410 by means of a typical communications channel (e.g.
a conventional "dial-up" telephone line) 412. Hence,
the user 404, in this embodiment, only requires conven-
tional computer equipment. Host computer 402, in this
embodiment, requires a conventional and commercially
available automatic dialer which is altered, in a known
manner, to receive and pass one or more passwords
and/or codes as data.

In operation, user 404 dials through and/or by
means of his or her computer 406 and modem 408 in
the usual and conventional manner to connect and ac-
cess host computer 402. The host computer 402, using
the principles of the preferred embodiment of this inven-
tion, answers the requester's call, which occurs over
channel 412, and requests and receives the user's iden-
tification code. Host computer 402 checks the received
identification code and cross references the received
password code against a pager phone number list res-
ident within the user table 414 which is stored within
computer 402. This comparison, if a match is made,
causes the "code generator" software subroutine 415,
resident within computer 402, to generate a pseudo-ran-
dom number code and passes the received code along
with the authorized user's pager number to the commer-
cially available and conventional automatic dialer 418.
The automatic dialer 418 telephones the conventional
and commercially available pager 420 by means of con-
ventional and commercially available communication
channel 422 (e.g. voice line) and transmits the code to
the user's pager. As this happens, the host computer
402 awaits the reply from the user attempting to gain
access to the computer.

The user 404 now enters the code he or she has
received from the pager 420 and any timing instructions
which, in yet another embodiment of the invention may
also be transmitted from computer 402, and sends this
password or pseudo-random code back to computer
402 where it is compared within the software subroutine
module denoted as "code compare" 416 in Figure 6. If
the comparison yields a match, the user 404 is allowed
access to computer 402 and/or to a portion of computer
402.

Referring now to Figure 2, there is shown a second
embodiment of a computer security system made in ac-
cordance with the teachings of the preferred embodi-
ment of the invention. This second embodiment 20 is
substantially similar to system 10 but also includes a tim-
er or "timing means" 40 which may comprise one or
more software subroutines which are adapted to oper-
ate and/or execute within and/or upon computer 80 or
may comprise a microprocessor which operates under
stored program control. In one embodiment, timing
means 40 comprises a conventional "watchdog timer"
as will be apparent to those of ordinary skill in the art.

In operation, timing means 40 records the time at
which the first and second passwords are received by
analyzing means 12. Timing means 40, in one embodi-
ment which is coupled to analyzing means 12 and code
generation means 14 by bus 42 and in another embod-
iment which is in software communication with means
12 and 14, then compares the times to determine wheth-
er the second password was received within a prede-
termined period or predetermined "window" of time after
the first password was received. In the preferred em-
bodiment of the invention, the predetermined period of
time is programmable. The predetermined period of
time will typically need to vary according to the nature
of the communications medium used by means 14 to
notify individual 85 of the value of the generated code.
For example, the predetermined period of time would
be shorter when communications channel 84 comprises
a pager or cellular phone, since the owner has immedi-
ate access to the code upon transmission; and longer
when communications channel 84 comprises a voice-
mail system which the owner has to affirmatively access
to receive the code. If the second password was not re-
ceived within the predetermined period of time, analyz-
ing means 12 denies entry to the secured domain (e.g.
computer 80). If the second password was received
within the predetermined period of time, analyzing
means 12 compares it to the code which was previously
generated. If the second password is not substantially
identical to the previously generated code, analyzing
means 12 denies individual 18 entry to the secured do-
main (e.g. computer 80). If the received password is
substantially identical to the code, analyzing means 12
grants individual 18 entry into the secured domain. As
will be readily apparent to those of ordinary skill in the
art, timing means 40 provides yet a third level of security
to computer system 80. Moreover, it should also be ap-
parent to one of ordinary skill in the art that this "prede-
termined time" may be as short or as small as several
milli-seconds or micro-seconds. This is particularly true
if, in yet another embodiment of Applicant's invention,
the password generated by communication means 14
is received by a computerized device which is adapted
to receive the password and to generate a new pass-
word code in a substantially automatic manner.
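
The flow of Figures 1, 2 and 6 (password checked on the first channel, code sent over the second channel, code returned within the time window) can be sketched as follows. This is an added example, not code from the patent; the names `TwoChannelGate`, `UserEntry`, `PendingCode` and `demo`, the use of Python's `secrets` generator in place of the "pseudo-random number generator", the exact constant-time comparison, the single-use rule and the attempt limit are all assumptions of the sketch.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class UserEntry:
    """One row of the master password list (Figure 5)."""
    name: str
    phone: str  # number the code is sent to over the second channel


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts_left: int


class TwoChannelGate:
    """Analyzing means, code generating means and timing means in one object."""

    def __init__(self, table: Dict[str, UserEntry],
                 send: Callable[[str, str], None],
                 window_s: float = 60.0, digits: int = 6,
                 max_attempts: int = 3,
                 clock: Callable[[], float] = time.monotonic):
        # The patent keys the table on the password itself; a deployed system
        # would key on a user id and store a salted password hash instead.
        self._table = table
        self._send = send            # second channel (pager, phone, ...)
        self._window_s = window_s    # the programmable "window" of Figure 2
        self._digits = digits        # the "programmable length" of the code
        self._max_attempts = max_attempts  # assumption: not in the patent
        self._clock = clock
        self._pending: Dict[str, PendingCode] = {}

    def submit_password(self, session: str, password: str) -> bool:
        """First password, received on the first channel."""
        entry = self._table.get(password)
        if entry is None:
            return False
        code = "".join(secrets.choice("0123456789") for _ in range(self._digits))
        self._pending[session] = PendingCode(code, self._clock(), self._max_attempts)
        self._send(entry.phone, code)  # notify the table owner, not the caller
        return True

    def submit_code(self, session: str, code: str) -> bool:
        """Second password, received on the first channel."""
        pending = self._pending.get(session)
        if pending is None:
            return False
        if self._clock() - pending.issued_at > self._window_s:
            del self._pending[session]  # outside the window: deny and forget
            return False
        pending.attempts_left -= 1
        ok = hmac.compare_digest(code.encode(), pending.code.encode())
        if ok or pending.attempts_left <= 0:
            del self._pending[session]  # single use, bounded guessing
        return ok


def demo() -> dict:
    """Run the exchange against a constructed table and a fake clock."""
    outbox = []   # stands in for the pager network
    now = [0.0]
    gate = TwoChannelGate(
        {"correct horse": UserEntry("A. User", "555-0100")},  # constructed row
        send=lambda phone, code: outbox.append((phone, code)),
        window_s=30.0, clock=lambda: now[0])
    results = {}
    results["unknown_password"] = gate.submit_password("s1", "guess")
    results["known_password"] = gate.submit_password("s1", "correct horse")
    phone, code = outbox[-1]
    results["sent_to"] = phone
    results["in_window"] = gate.submit_code("s1", code)
    results["replayed"] = gate.submit_code("s1", code)
    gate.submit_password("s2", "correct horse")
    now[0] = 31.0  # one second past the 30 s window
    results["late"] = gate.submit_code("s2", outbox[-1][1])
    return results


if __name__ == "__main__":
    print(demo())
```
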

Referring now to Figure 3, there is shown a block 
diagram of a third embodiment of a computer security 
system made in accordance with the principles of the 
preferred embodiment of the invention. As shown, com-
puter security system 70 is adapted to receive an input
data stream 72, comprising in a first embodiment, a plu- 
rality of digital data bits 73, which are to be securely 
transmitted to a distant site. System 70, as further 
shown, includes a data stream dividing means 74 which 
in one embodiment comprises a commercially available 
one input and two channel output time division or statis- 
tical multiplexor which samples the bits of received data 
and places, in a certain predetermined manner (e.g. al- 
ternately) some of the received data bits onto the first 
communications channel 76 and some of the received 
data bits onto the second communications channel 78. 
In this manner, one attempting to wrongfully intercept 
and/or access the data stream 72 would need access 
to both communications channels 76, 78 and would 
need to know the dividing algorithm that dividing means 
74 utilizes to divide the received data for placement onto 
channels 76, 78. Applicant's third embodiment therefore
provides a very high level of data transmission security. 

As further shown in Figure 3, in this third embodi- 
ment of the invention, security system 70 further in- 
cludes a decoding means 88 which may comprise a 
commercially available microprocessor operating under 
stored algorithmic program control and which contains 
a "mirror image" of the algorithm used to divide the data
stream transmitted to it by means 74. In this manner the
data from each of the channels 76, 78 is reconstituted
onto single channel 89, in substantially the exact same
manner that it was received by means 74. In essence,
this third embodiment of Applicant's invention allows
and/or provides for the "splitting" of a data stream into
a plurality of channels in a predetermined manner and
the concomitant reconstitution of the data stream once
the data has traversed the communications medium.
Hence, the embodiment in Figure 3 splits the data
stream so that anyone getting access to one of the chan-
nels 76, 78 can't reconstruct the data stream because
they're missing half or more of the information. If more
channels are used, each channel carries far less than
one-half the information.
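
The alternating split of Figure 3 and its "mirror image" decoder, generalised from two channels to n, are sketched below as an added example that is not part of the patent. All function names are assumptions of the sketch; `single_channel_view` reconstructs what a party holding only one channel has, which is the unaltered bits of that channel at known positions and nothing for the rest.

```python
from typing import List, Optional


def bits_of(data: bytes) -> List[int]:
    """Most-significant-bit-first bit list for a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bytes_of(bits: List[int]) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit count is not a multiple of 8")
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def split_stream(bits: List[int], n: int = 2) -> List[List[int]]:
    """Dividing means 74: bit k goes to channel k mod n (alternately for n=2)."""
    if n < 2:
        raise ValueError("need at least two channels")
    return [bits[i::n] for i in range(n)]


def recombine(channels: List[List[int]]) -> List[int]:
    """Decoding means 88: the mirror image of split_stream."""
    n = len(channels)
    total = sum(len(chan) for chan in channels)
    out = [0] * total
    for i, chan in enumerate(channels):
        # A lost or extra bit on one channel would silently shift every later
        # bit, so lengths are checked before interleaving.
        if len(chan) != len(range(i, total, n)):
            raise ValueError(f"channel {i} has the wrong length for this split")
        out[i::n] = chan
    return out


def single_channel_view(chan: List[int], index: int, n: int,
                        total: int) -> List[Optional[int]]:
    """What one captured channel reveals: its own bits in place, None elsewhere."""
    view: List[Optional[int]] = [None] * total
    view[index::n] = chan
    return view


def demo() -> dict:
    message = b"PAY 100 TO BOB"          # constructed sample input
    bits = bits_of(message)
    two = split_stream(bits, 2)
    three = split_stream(bits, 3)
    view = single_channel_view(two[0], 0, 2, len(bits))
    return {
        "round_trip_2": bytes_of(recombine(two)) == message,
        "round_trip_3": bytes_of(recombine(three)) == message,
        "known_bits_one_channel": sum(v is not None for v in view),
        "total_bits": len(bits),
        "known_bits_are_plain": all(v is None or v == b
                                    for v, b in zip(view, bits)),
    }


if __name__ == "__main__":
    print(demo())
```
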

Referring now to Figure 4 there is shown a fourth
embodiment of a computer security and/or data trans-
mission system 100 which is made in accordance with
the teachings of the preferred embodiment of the inven-
tion. As shown, system 100 is adapted to receive a plu-
rality of data bits 103 contained in a first communications
channel 102. It should be noted that the data contained
within this channel 102 is interspersed with a plurality of
"non-data" or filler data bits or "material" 104 according
to some predetermined and/or randomly varying algo-
rithm (e.g. every third bit space is filler data) by a micro-
processor system 106 which is operating under stored
program control. The filler data 104 is binary data and
cannot be deciphered as "filler" by an unauthorized user.
Therefore, even if one were to intercept the transmitted
data, one could not decipher or decode the data. System
100 further includes a decoder 110 for the data reception
and decoder 202 for the algorithm reception which, in
one embodiment, comprises a microprocessor acting
under stored program control and which is adapted to
"strip off" the "filler" bits and to allow the originally trans-
mitted data to be reconstituted. In this manner, data may
be safely transmitted and received in an authorized
manner. In yet another embodiment of the invention
which is shown in Figure 4, the algorithm which controls
the filler pattern and/or the way that the filler data is in-
terspersed within the "regular" data pattern may be pe-
riodically changed in a known and predetermined man-
ner. In this embodiment, the filler data is interspersed
within the "regular" data according to a varying filler al-
gorithm (e.g. every three bits for the first 99 bits and then
every four bits thereafter). In this embodiment, decoder
110 is adapted to "strip" off these filler bits by having
prior knowledge (e.g. embedded within a computer pro-
gram resident within and controlling the decoder) of the
varying algorithms which are utilized by system 100.
Here, in the embodiment shown in Figure 4, unlike that
shown and described with respect to Figure 3, all the
data is transmitted on a single channel but is "muddied."

In yet another embodiment of the invention, as
shown in Figure 4, a varying data key is transmitted to
decoder 110 and/or decoder 202 by microprocessor
system 106 by use of a second channel 200. In this man-
ner, a second channel is needed to tell or communicate
the manner in which the filler data is interspersed within
the regular data so that the decoder 110 may "strip off"
the filler data. In this manner, the filler patterns may be
dynamically changed. Hence, this system utilizes dual/
multi channel media to communicate the cryptic modu-
lation of the data with filler.
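
The filler scheme of Figure 4, including the varying pattern given in the text ("every three bits for the first 99 bits and then every four bits thereafter"), is sketched below as an added example that is not part of the patent. The `Schedule` representation, which plays the role of the "data key" sent over second channel 200, the reading of "every third bit space" as transmitted slots 3, 6, 9, ... and all function names are assumptions of the sketch.

```python
import secrets
from typing import List, Optional, Sequence, Tuple

# Each rule is (number of transmitted bit slots it covers, period);
# a span of None means "until the end of the stream".
Schedule = Sequence[Tuple[Optional[int], int]]

# The varying pattern used as the example in the text.
PATENT_EXAMPLE: Schedule = [(99, 3), (None, 4)]


def is_filler_slot(pos: int, schedule: Schedule) -> bool:
    """True if transmitted slot `pos` (0-based) carries filler."""
    start = 0
    for span, period in schedule:
        if period < 2:
            raise ValueError("period must be at least 2 or no data would fit")
        if span is None or pos < start + span:
            # Within a rule, every period-th slot is filler.
            return (pos - start + 1) % period == 0
        start += span
    raise ValueError("schedule does not cover slot %d" % pos)


def intersperse(data_bits: List[int], schedule: Schedule) -> List[int]:
    """System 106: emit data bits, inserting a random bit in each filler slot."""
    out: List[int] = []
    i = 0
    while i < len(data_bits):
        if is_filler_slot(len(out), schedule):
            out.append(secrets.randbits(1))
        else:
            out.append(data_bits[i])
            i += 1
    return out


def strip_filler(tx_bits: List[int], schedule: Schedule) -> List[int]:
    """Decoder 110: keep only the slots the schedule marks as data."""
    return [bit for pos, bit in enumerate(tx_bits)
            if not is_filler_slot(pos, schedule)]


def demo() -> dict:
    data = [(i * 5 + 1) % 3 % 2 for i in range(128)]   # constructed 128 data bits
    tx = intersperse(data, PATENT_EXAMPLE)
    stale_key: Schedule = [(None, 4)]  # decoder that missed the pattern change
    return {
        "transmitted_bits": len(tx),
        "filler_in_first_99": sum(is_filler_slot(p, PATENT_EXAMPLE)
                                  for p in range(99)),
        "round_trip": strip_filler(tx, PATENT_EXAMPLE) == data,
        "stale_key_len": len(strip_filler(tx, stale_key)),
    }


if __name__ == "__main__":
    print(demo())
```

A decoder holding an out-of-date schedule does not fail loudly: it returns a bit string of the wrong length with filler mixed in, so a receiver needs its own integrity check to notice the mismatch.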

It is to be understood that the invention is not limited 
to the exact construction or method illustrated and de- 
scribed above, but that various changes and modifica- 
tions may be made without departing from the spirit and 
scope of the invention as defined in the following claims. 



Claims 

1. A security system for use in combination with a 
computer, said security system comprising: 

An analyzing means for receiving first pass-
word, for generating a first signal in response
to said received first password, for receiving a
first code, for receiving a second code, and for
allowing access to said computer only if said
first and said second codes are substantially
identical; and

code generation means for receiving said first
signal and for generating and communicating
said first code to said analyzing means.

2. A method to restrict access to a certain group of in- 
dividuals to a computer, said method comprising the 
steps of: 

assigning a unique password to each of said
certain group of individuals;
assigning a telephone number to each of said
unique passwords;
receiving a data stream;
comparing said data stream to each of said
unique passwords identifying one of said
unique passwords with said data stream;
generating and transmitting a first code to said
telephone number associated with said one
identified password;
receiving a second code;
comparing said first and said second codes;
and
allowing access to said computer only if said
first and said second codes are substantially
identical.

A method to securely transmit data having a plural-
ity of bits, said method comprising the steps of:

interspersing a plurality of filler data bits into
said data in a certain pattern;
transmitting said data and said interspersed filler
data;
receiving said data and said interspersed filler
data;
and discarding said interspersed filler data.

A security system adapted to grant an authorized 
individual access to secured domain, comprising: 

an analyzing means for receiving first and sec- 
ond passwords, each of said passwords being 
transmitted over a first communication channel, 
analyzing said first password, transmitting a 
first signal output only if said first password is 
authorized, and granting access to said se- 
cured domain only if said second password is 
substantially identical to code; and 
a random code generating means for generat- 
ing said code, transmitting said code over a 
second communication channel upon receipt of 
first signal output, and transmitting said code to 
said analyzing means. 

The invention according to claim 1 wherein said an-
alyzing means further comprises a timing means
for recording the time that said first password is re- 
ceived and granting access to said secured domain 
only if said second password is received within a 
predetermined period of time. 



A method to securely transmit data comprising the
steps of:

receiving said data;
distributing said received data into a plurality of
communications channels;
transmitting said distributed data by use of said
plurality of communication channels;
receiving said distributed data;
and reconstituting said data.